#Red_Team_Tactics
1. Hijacking service workers via DOM Clobbering
https://portswigger.net/research/hijacking-service-workers-via-dom-clobbering
2. Abusing Reddit API to host the C2 traffic
https://github.com/kleiton0x00/RedditC2
3. Abusing JSON-Based SQL to Bypass WAF
https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf
#Red_Team_Tactics
1. StealthHook - A method for hooking a function without modifying memory protection
https://www.x86matthew.com/view_post?id=stealth_hook
2. Frida script to bypass common methods of SSL pinning on Android
https://gist.github.com/incogbyte/1e0e2f38b5602e72b1380f21ba04b15e
3. pipe_buffer arbitrary read write
https://interruptlabs.co.uk/labs/pipe_buffer
#Red_Team_Tactics
BlackHat Europe 2022:
"Dirty Vanity: A New Approach to Code injection & EDR bypass".
]-> A PoC for the new injection technique, abusing the Windows fork API to evade EDRs:
https://github.com/deepinstinct/Dirty-Vanity
#tools
#Red_Team_Tactics
1. Talon - password guessing tool that targets the Kerberos/LDAP services within the Windows AD environment
https://github.com/optiv/Talon
2. Bypass Rails::Html::SafeListSanitizer filtering and perform an XSS attack
https://hackerone.com/reports/1656627
3. Tool which can help to get NT AUTHORITY\SYSTEM from arbitrary directory creation bugs
https://github.com/binderlabs/DirCreate2System
#Red_Team_Tactics
1. {JS-ON: Security-OFF}: Abusing JSON-Based SQL to Bypass WAF
https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf
2. How To Exploit File Inclusion Vulnerabilities
https://infosecwriteups.com/how-to-exploit-file-inclusion-vulnerabilities-a-beginners-introduction-stackzero-a55267b5fafb
#Red_Team_Tactics
1. Blindside: A New Technique for EDR Evasion with Hardware Breakpoints
https://cymulate.com/blog/blindside-a-new-technique-for-edr-evasion-with-hardware-breakpoints
2. Raw sockets hacking
https://antonio-cooler.gitbook.io/coolervoid-tavern/port-knocking-from-the-scratch
]-> Secure shell using the port-knocking technique with AES256-GCM: https://github.com/CoolerVoid/ninja_shell
#Red_Team_Tactics
1. Process reparenting in MS Windows
https://blog.trailofbits.com/2022/12/20/process-reparenting-microsoft-windows
2. CLI tool/library to enhance and speed up script/exploit writing with string conversion/manipulation
https://github.com/noraj/ctf-party
#Red_Team_Tactics
Using Leaking Sentinel Value to Bypass the Latest Chrome v8 HardenProtect
https://medium.com/@numencyberlabs/using-leaking-sentinel-value-to-bypass-the-latest-chrome-v8-hardenprotect-c4ed40e3d34f
#tools
#Red_Team_Tactics
1. Blindside - technique for evading the monitoring of EDR / XDR platforms using hardware breakpoints to inject commands
https://github.com/CymulateResearch/Blindside
2. Avoiding Detection with Shellcode Mutator
https://labs.nettitude.com/blog/shellcode-source-mutations
]-> https://github.com/nettitude/ShellcodeMutator